Google has decided to raise the price it will pay to hackers who report software bugs and vulnerabilities in Google’s online services. Google has had success in the past rewarding hackers for exploiting and reporting bugs in Google Chrome. The maximum reward for exposing a vulnerability that would let an intruder’s code get up to mischief in a Google data centre was increased from the US$3,133 payout set when the bounty program was launched in November 2010.
Vulnerabilities that allow remote code execution in Google’s Web apps will also be rewarded with $20,000. The term “remote code execution” refers to the most serious category of vulnerabilities: those which, when exploited, allow an attacker to hijack a system or inject malware on a machine. Google has also stated that a $10,000 bounty will be paid for SQL injection bugs, significant authentication bypasses, or bugs that leak data.
At Google’s Pwnium contest in March, Google paid out $60,000 prizes to anyone who could exploit the Chrome browser. Two people managed to do so and collected the money. Google’s $20,000 top payment is likely still far below the market rate. Many security researchers have said that Google is not offering enough money and that malicious hackers are able to get much more on the black market. By raising the bounty, Google hopes to inspire software savants to hunt for, and exploit, difficult-to-find bugs hidden deep in Google’s sites, software, and services.